[ISN] Expert calls for better security

From: William Knowles (wk@private)
Date: Thu Jun 03 2004 - 23:15:02 PDT

  • Next message: InfoSec News: "[ISN] Secunia Weekly Summary - Issue: 2004-23"

    By Dibya Sarkar 
    June 3, 2004
    A leading expert who helped develop the federal cybersecurity strategy
    during the Clinton administration said the plan is not working and
    needs to be overhauled.
    "We are grossly unprepared to address the issue of cyberterrorism,"  
    said Jeffrey Hunker, a professor of technology policy at Carnegie
    Mellon University.
    Hunker, who spoke today at a Washington, D.C., homeland security
    conference sponsored by McGraw-Hill Companies, said people need to
    better understand the threats, build national structures for network
    security, understand the interdependencies with critical
    infrastructure, build incentives for educational awareness and
    recognize new technologies and standards. He listed six suggestions to
    improve cybersecurity:
    * Invest more in collecting statistics related to cybercrime 
    * Keep what works, such as federal research, developing funding, 
      private and public partnerships and a federal program that provides 
      scholarships to undergraduate and graduate students studying 
      computer security. 
    * Develop national standards that have teeth, meaning officials would 
      enforce them. 
    * Expand and clearly define organizational and personal liability. 
    * Have the Securities and Exchange Commission require companies to 
      disclose cybersecurity investments to their investors. 
    * Adjust federal research and development practices that also focus on 
      developing management programs 
    Hunker, a former senior director of critical infrastructure with the
    National Security Council, said the United States has also failed to
    take leadership to shape global policy, leaving that to the European
    Union, United Nations and others.
    The United States, he added, hasn't seen anything that can even be
    characterized as a cyberterrorism. Most events should be described as
    either cybercrime or vandalism. "These are...inconvenient but don't
    rise to the level of national security," he said.
    However, he said there have been cyber skirmishes between countries
    such as China and Taiwan and between Israelis and Palestinians. He
    said after the Chinese embassy was bombed in Belgrade, Yugoslavia, in
    1999 by NATO forces, Chinese hackers launched a number of attacks
    against U.S. federal institutions.
    However, Hunker, who is writing a book about the subject due out soon,
    said he expects to see some type of cyberterrorist attack in the next
    five years.
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    Help C4I.org with a donation: http://www.c4i.org/contribute.html
    ISN mailing list
    Sponsored by: OSVDB.org

    This archive was generated by hypermail 2b30 : Fri Jun 04 2004 - 00:22:52 PDT